CVE-2013-6323

IBM Websphere Virtual Enterprise - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.33, 8.x before 8.0.0.9, and 8.5.x before 8.5.5.2, and WebSphere Virtual Enterprise 7.x before 7.0.0.5, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

References (7)

[Various Sources] http://www-01.ibm.com/support/docview.wss?uid=swg1PI04777

[Various Sources] http://www-01.ibm.com/support/docview.wss?uid=swg1PI04880

[Vendor Advisory] http://www-01.ibm.com/support/docview.wss?uid=swg21669554

[Vendor Advisory] http://www-01.ibm.com/support/docview.wss?uid=swg21676091

[Vendor Advisory] http://www-01.ibm.com/support/docview.wss?uid=swg21676092

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/67720

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/88903

Scores

EPSS 0.0029

EPSS Percentile 52.3%

Details

CWE

CWE-79

Status published

Products (48)

ibm/websphere_virtual_enterprise

ibm/websphere_virtual_enterprise

ibm/websphere_virtual_enterprise

ibm/websphere_virtual_enterprise

ibm/websphere_virtual_enterprise

ibm/websphere_application_server

ibm/websphere_application_server

ibm/websphere_application_server

ibm/websphere_application_server

ibm/websphere_application_server

... and 38 more

Published May 01, 2014

Tracked Since Feb 18, 2026